Abstract - Critical missions require the guarantees provided through formal verification and functional programming. These provide a strong basis for decisions that must be assured in a contested cyber environment. We present a framework for educating future cyber leaders on these important concepts and tools.

Index Terms - Functional programming, formal verification, education, mission assurance

The Problem

The U.S. Department of Defense (DoD) depends increasingly on technology and cyberspace to execute critical missions. Recent congressional and White House reports [1][2] concurred on the need to assure these missions, especially in a contested cyber environment - an environment that may be under attack.

The DoD requires employees who can assess the quality of the specification, design and implementation of a mission, including all supporting technology. This requires educating personnel on verification methods including formal mathematics, access-control logic [3] and the science of mission assurance [4].

Approach 

Functional languages such as Haskell [5] and ML [6] are well suited for (1) animating specifications, (2) prototyping implementations, and (3) formal verification. Formal verification and reasoning about access-control decisions and security policies are important for assuring critical DoD missions. Design specifications and implementations can be animated using functional languages to validate specifications and requirements. Theorem provers such as HOL [7] can then be used to verify correctness and properties of implementations. Tools such as HOL enable independent verification by third parties, which is the key to mission assurance: the DoD must be able to establish that vendors have correctly implemented mission-critical systems. Functional languages such as Haskell and theorem provers such as HOL enable DoD employees to independently verify and assure that systems meet mission requirements.

We have used access-control logic and HOL to specify and verify DoD concepts of operations [8]. This work involves trust establishment and preserving integrity of command and control of Air Force systems.
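The following block is an added example written for this page, not code from the paper, the cited work [8], or the internship projects. It shows what "animating" an access-control specification in Haskell looks like in practice: a small executable fragment of a standard access-control logic (statements of the form P says phi, P controls phi, and P speaks for Q, with the usual controls, speaks-for and modus ponens rules) applied to a constructed command-and-control scenario. The principal names (Commander, CA, the keys), the launch-order proposition and the certificate-style statements are all constructed for illustration; the rule set is assumed to be the small fragment shown and is not claimed to be the full logic of [3].

```haskell
-- Added example: an executable fragment of an access-control logic in
-- Haskell, used to "animate" a command-and-control trust policy.
-- All principals, keys and propositions below are constructed for
-- illustration; the rule set is an assumed small fragment of the logic.
module AccessControl where

import Data.List (nub)

-- Principals are either named entities or cryptographic keys. A key that
-- "speaks for" a person is the usual reading of a signing key.
data Principal = Name String | Key String
  deriving (Eq, Show)

-- Formulas of the logic: atomic propositions, "P says phi",
-- "P controls phi", "P speaks for Q", implication and conjunction.
data Form
  = Prop String
  | Says Principal Form
  | Controls Principal Form
  | SpeaksFor Principal Principal
  | Imp Form Form
  | And Form Form
  deriving (Eq, Show)

-- One round of forward chaining: apply each inference rule to every
-- formula currently known and add whatever follows.
step :: [Form] -> [Form]
step fs = nub (fs ++ concatMap derive fs)
  where
    derive f = case f of
      -- Controls: from "P controls phi" and "P says phi" infer phi.
      Controls p phi
        | Says p phi `elem` fs -> [phi]
      -- Speaks-for: from "P speaks for Q" and "P says phi" infer "Q says phi".
      SpeaksFor p q ->
        [ Says q phi | Says p' phi <- fs, p' == p ]
      -- Modus ponens.
      Imp a b
        | a `elem` fs -> [b]
      -- Conjunction elimination, also under "says".
      And a b -> [a, b]
      Says p (And a b) -> [Says p a, Says p b]
      _ -> []

-- Close the assumption set under the rules (least fixed point).
closure :: [Form] -> [Form]
closure fs
  | fs' == fs = fs
  | otherwise = closure fs'
  where
    fs' = step fs

-- The animated specification: does the goal follow from the assumptions?
entails :: [Form] -> Form -> Bool
entails assumptions goal = goal `elem` closure assumptions

-- Constructed scenario (not from the paper): a commander's signing key
-- issues an order; a certificate authority vouches that the key speaks
-- for the commander; policy trusts the commander on orders and trusts
-- the CA on who speaks for whom.
commander, ca, kCmdr, kAttacker :: Principal
commander = Name "Commander"
ca        = Name "CA"
kCmdr     = Key "K_cmdr"
kAttacker = Key "K_attacker"

launch :: Form
launch = Prop "execute launch order"

certificate :: Form
certificate = Says ca (SpeaksFor kCmdr commander)

policy :: [Form]
policy =
  [ Controls commander launch                 -- commander is authority on orders
  , Controls ca (SpeaksFor kCmdr commander)   -- CA is authority on key bindings
  , certificate                               -- CA's certificate for the key
  , Says kCmdr launch                         -- the signed order
  ]

-- Variant 1: the certificate is withheld, so the key is unbound.
withoutCert :: [Form]
withoutCert = filter (/= certificate) policy

-- Variant 2: an uncertified key signs the same order.
spoofed :: [Form]
spoofed = filter (/= Says kCmdr launch) policy ++ [Says kAttacker launch]

main :: IO ()
main = do
  putStrLn ("order signed by certified commander key: " ++ show (entails policy launch))
  putStrLn ("same order, certificate withheld:        " ++ show (entails withoutCert launch))
  putStrLn ("same order signed by uncertified key:    " ++ show (entails spoofed launch))
```

Running `main` derives the launch order only in the first case: removing the CA's certificate, or substituting an uncertified key, leaves `SpeaksFor kCmdr commander` (and hence `Says commander launch`) underivable, so the `Controls` rule never fires. This is the point of animation: the policy is exercised on concrete cases before anyone attempts a proof. A theorem prover such as HOL is then used for what the Haskell model cannot do, namely proving that the derivation is sound for all principals and all orders rather than checking the particular instances enumerated here.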

Our hypothesis is that formal math and logic, in the form of Haskell and HOL, help engineers create and verify systems in ways that make it easier to credibly document and assess claims of correctness and security. As Professor David Parnas champions, we must demand "disciplined, careful, complete work" [9].

Method 

To meet DoD assurance needs, we are experimenting with a methodology to educate future DoD employees and contractors on the science of mission assurance through the use of functional programming, access-control logic, and formal verification using theorem proving. We view these as essential capabilities for accurately describing, prototyping, and verifying systems for critical missions.

Since 2003, we have educated undergraduate and graduate students as well as practicing engineers in practical uses of access-control logic [10][11][12]. This has allowed us to develop this comprehensive educational framework to teach concepts of formal verification for mission assurance.

In 2011, the Air Force Research Laboratory Information Directorate created the Information Assurance Internship [13], a follow-up to the Advanced Course in Engineering (ACE) Cyber Security Boot Camp [14][15]. We implemented this methodology during the internship, which was offered to undergraduates and newly graduated students. We used several Air Force missions as use cases for applying the access-control logic to formally verify mission assurance.

Information Assurance Internship

During the 2011 Information Assurance Internship, undergraduate students were challenged to learn a functional programming language in two four-hour sessions. They were taught Haskell first, then HOL. They incorporated the Haskell programs into the design of their weekly projects. Their projects focused on designing secure systems for mission-specific tasks.

These students used Haskell to animate the specifications of their engineering design. They demonstrated their working code during their presentations, in which they highlighted the specialized language syntax and semantics.

The students also incorporated the HOL theorem prover into their later projects. This allowed for formal verification of their systems. It also created a common reference for the teams of students to debate the merits of their designs. These foundational skills provide the students with tangible take-aways for future research and design.

Conclusion and future work

Overall, the results of our work show promise that not only practicing engineers but undergraduate students as well can learn how to verify a mission. With a relatively small amount of course work, our students have been able to reason about access control, security and mission assurance. This allows the students to precisely describe problems in a specification, reason about the security concerns and formally verify the implementation of a design.

This upcoming semester, Syracuse University and the Air Force Research Laboratory have partnered to produce 18 credits of a Cyber Engineering Curriculum. This takes the normal junior-year computer engineering curriculum and adds a security focus to each course - examples include secure operating systems, secure computer architecture and a secure hardware design laboratory. In the future, we plan to expand this curriculum to include a full minor in the security field.